>>>If iptables did not complain about the rule, then everything needed is already there and
>>>you are digging in the wrong direction.
>>
>>hm, and how do I check that NAT has loaded:
>
>iptables-save - look at the rules
# Generated by iptables-save v1.4.1.1 on Fri Mar 6 22:49:21 2009
*raw
:PREROUTING ACCEPT [737230163:35002621350]
:OUTPUT ACCEPT [1188615945:1700204428830]
COMMIT
# Completed on Fri Mar 6 22:49:21 2009
# Generated by iptables-save v1.4.1.1 on Fri Mar 6 22:49:21 2009
*nat
:PREROUTING ACCEPT [4350938:258777834]
:POSTROUTING ACCEPT [329200:201600426]
:OUTPUT ACCEPT [325324:201255210]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Fri Mar 6 22:49:21 2009
# Generated by iptables-save v1.4.1.1 on Fri Mar 6 22:49:21 2009
*mangle
:PREROUTING ACCEPT [737230163:35002621338]
:INPUT ACCEPT [734711468:34842240033]
:FORWARD ACCEPT [496275:29599416]
:OUTPUT ACCEPT [1188615058:1700204385018]
:POSTROUTING ACCEPT [1189111333:1700233984434]
COMMIT
# Completed on Fri Mar 6 22:49:21 2009
# Generated by iptables-save v1.4.1.1 on Fri Mar 6 22:49:21 2009
*filter
:INPUT ACCEPT [2:156]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [20580:28953517]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -d 127.0.0.1/32 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A FORWARD -j RH-Firewall-1-INPUT
-A FORWARD -o eth0 -p tcp -m tcp --sport 137:139 -j DROP
-A FORWARD -o eth0 -p udp -m udp --sport 137:139 -j DROP
-A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 137:139 -j DROP
-A OUTPUT -o eth0 -p udp -m udp --sport 137:139 -j DROP
-A OUTPUT -s 10.8.0.0/24 -o tun0 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 222 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1194 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 30000:65535 -j ACCEPT
-A RH-Firewall-1-INPUT -d 10.8.0.0/24 -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -d 10.8.0.0/24 -i tun0 -j ACCEPT
COMMIT
# Completed on Fri Mar 6 22:49:21 2009
>lsmod - look at the loaded modules
# lsmod
Opening /proc/modules: No such file or directory
are there no modules at all?
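
The check discussed in this thread, as an added example that is not part of the original posts: a small Python parser for `iptables-save` output that reports whether a `*nat` section is present, which of its rules are MASQUERADE or SNAT, and the POSTROUTING packet counter. The sample dump is constructed (abbreviated from the output above), and the function names `parse_save` and `nat_report` are hypothetical.

```python
import re

# Constructed sample, abbreviated from the kind of iptables-save dump shown in the post.
SAMPLE = """\
# Generated by iptables-save v1.4.1.1 on Fri Mar 6 22:49:21 2009
*nat
:PREROUTING ACCEPT [4350938:258777834]
:POSTROUTING ACCEPT [329200:201600426]
:OUTPUT ACCEPT [325324:201255210]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [2:156]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [20580:28953517]
-A FORWARD -o eth0 -p tcp -m tcp --sport 137:139 -j DROP
COMMIT
"""

# Chain header line: ":NAME POLICY [packets:bytes]" (policy is "-" for user chains).
CHAIN = re.compile(r"^:(\S+) (\S+) \[(\d+):(\d+)\]$")

def parse_save(text):
    """Return {table: {"chains": {name: (policy, packets, bytes)}, "rules": [...]}}."""
    tables, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # skip blank lines and comment lines
        if line.startswith("*"):          # "*nat", "*filter", ... opens a table
            current = tables.setdefault(line[1:], {"chains": {}, "rules": []})
        elif line == "COMMIT":            # closes the current table
            current = None
        elif current is not None:
            m = CHAIN.match(line)
            if m:
                current["chains"][m.group(1)] = (m.group(2), int(m.group(3)), int(m.group(4)))
            elif line.startswith("-A "):
                current["rules"].append(line)
    return tables

def nat_report(text):
    """Summarise whether a nat table is listed and which rules rewrite source addresses."""
    nat = parse_save(text).get("nat")
    if nat is None:
        return {"nat_table": False, "snat_rules": [], "postrouting_packets": 0}
    snat = [r for r in nat["rules"] if re.search(r"-j (MASQUERADE|SNAT)\b", r)]
    packets = nat["chains"].get("POSTROUTING", ("-", 0, 0))[1]
    return {"nat_table": True, "snat_rules": snat, "postrouting_packets": packets}

if __name__ == "__main__":
    print(nat_report(SAMPLE))
```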